CVE-2021-25010

CVE-2021-25010: Post Snippets < 3.1.4 - CSRF to Stored Cross-Site Scripting

Vendor Unknown

Product Post Snippets

Weakness CWE-352 · CSRF

Published February 28, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files, allowing attacker to make a logged In admin import arbitrary snippets. Furthermore, imported snippers are not sanitised and escaped, which could lead to Stored Cross-Site Scripting issues

Key dates

02Disclosure timeline

February 28, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-25010

Related vulnerabilities

CVE-2021-25010: Post Snippets < 3.1.4 - CSRF to Stored Cross-Site Scripting

01Description

02Disclosure timeline

03References

04Related CVE